Table of Contents
- Overview
- Procedure on Management Account
- The Management Account
- Manually add the Policies to the Account
- Verify if the Accounts are Management or Member Account
- Create User and Associate Policy on Management Account
- Set Permissions to the user
- Set the ARN at the Resources (Visual Editor)
- Set the ARN at the Resources (JSON)
- Add Policy to the User
- Verify the Summary of the User
- Procedure on Member Account
- Create a Role
- Add Trusted Relationship
- Additional Information
Overview
AWS Organization Discovery requires the AWS Management Account to be associated with an AssumeRole and read-only access. This article explains how to create the STS AssumeRole permission and associate it with the Management Account, and how to create the trust relationship with the Member Account.
Procedure on Management Account
The Management Account
The Management Account must have the policies shown below attached so that it is identified as the "Amazon AWS Organization" management account.
If these policy actions are not available on the AWS account, the account is treated as a regular account rather than as the Management Account.
Manually add the Policies to the Account
Verify if the Accounts are Management or Member Account
Create User and Associate Policy on Management Account
Set Permissions to the user
Set the ARN at the Resources (Visual Editor)
Set the ARN at the Resources (JSON)
Add Policy to the User
Verify the Summary of the User
Procedure on Member Account
Create a Role
Add Trusted Relationship
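The two halves of this procedure, the sts:AssumeRole permission on the Management Account user (with the member role ARN as its Resource) and the trust relationship on the Member Account role, must agree with each other or discovery fails. The following is an added example, not code from the original article or from the discovery product: it builds both policy documents and cross-checks them. The account IDs, the user name discovery-user and the role name DiscoveryReadOnlyRole are constructed placeholders.

```python
"""Build and cross-check the two policy documents behind cross-account
AssumeRole: the permissions policy on the management-account IAM user and
the trust policy on the member-account role."""
import json

# Constructed placeholder identifiers; replace with your own account IDs and names.
MANAGEMENT_ACCOUNT_ID = "111111111111"
MEMBER_ACCOUNT_ID = "222222222222"
DISCOVERY_USER = "discovery-user"          # hypothetical user on the management account
DISCOVERY_ROLE = "DiscoveryReadOnlyRole"   # hypothetical role on the member account


def management_user_arn(account_id=MANAGEMENT_ACCOUNT_ID, user=DISCOVERY_USER):
    return f"arn:aws:iam::{account_id}:user/{user}"


def member_role_arn(account_id=MEMBER_ACCOUNT_ID, role=DISCOVERY_ROLE):
    return f"arn:aws:iam::{account_id}:role/{role}"


def assume_role_permissions_policy(role_arns):
    """Permissions policy for the management-account user ("Set the ARN at the
    Resources" step). Listing the member role ARNs as Resource lets the user
    assume only those roles, not any role in any account."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": sorted(role_arns),
        }],
    }


def member_role_trust_policy(principal_arn):
    """Trust policy for the member-account role ("Add Trusted Relationship"
    step). Trusting the specific user ARN rather than the account root keeps
    the trust as narrow as the discovery use case needs."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": "sts:AssumeRole",
        }],
    }


def render(doc):
    """JSON text suitable for pasting into the IAM console's JSON editor."""
    return json.dumps(doc, indent=2)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _allow_statements(doc):
    return [s for s in _as_list(doc.get("Statement", []))
            if s.get("Effect") == "Allow" and "sts:AssumeRole" in _as_list(s.get("Action", []))]


def check_cross_account_pair(permissions_policy, trust_policy, user_arn, role_arn):
    """Return the list of problems found (empty when the pair is consistent):
    the user's policy must allow sts:AssumeRole on the role ARN without a wildcard,
    and the role's trust policy must name that user as a principal."""
    problems = []

    allowed = set()
    for stmt in _allow_statements(permissions_policy):
        allowed.update(_as_list(stmt.get("Resource", [])))
    if role_arn not in allowed:
        problems.append(f"user policy does not allow sts:AssumeRole on {role_arn}")
    if "*" in allowed:
        problems.append("user policy allows sts:AssumeRole on every role (Resource '*')")

    trusted = set()
    for stmt in _allow_statements(trust_policy):
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):
            trusted.add(principal)
        else:
            trusted.update(_as_list(principal.get("AWS", [])))
    if user_arn not in trusted:
        problems.append(f"trust policy does not trust {user_arn}")
    if "*" in trusted:
        problems.append("trust policy trusts every AWS principal (Principal '*')")

    return problems


if __name__ == "__main__":
    user, role = management_user_arn(), member_role_arn()
    perm, trust = assume_role_permissions_policy([role]), member_role_trust_policy(user)
    print("Management account user policy:\n" + render(perm))
    print("Member account role trust policy:\n" + render(trust))
    print("Problems:", check_cross_account_pair(perm, trust, user, role))
```

Run the module to print both documents; the check returns no problems for a matching pair and names the mismatch when the Resource or Principal is wrong or wildcarded, which is the usual cause of an AccessDenied when the member role is first assumed.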
Additional Information
Assume an AWS role for temporary Cloud Discovery credentials
Assuming member roles with an AWS API
AWS Organizations and Temporary Credentials
Discovery - Assume Role enhancements for AWS Organizations